I disagree on geo-targeting. I don't think that fits within definitions
of tracking I've seen. And I don't think we should be crafting the
standard on what might make some users think they're being tracked.
Rather, we should focus on what actually is tracking.
Moreover, Zip or Zip+4 contextual targeting is, to me, low impact
privacy-wise, and extremely beneficial, both to users, and to very many
small local businesses that rely on precise contextual geo-targeting in
order to use their limited advertising dollars effectively. They cannot
afford broad un-targeted campaigns. By limiting this usage we'd be
providing another competitive advantage to big national brands against
small local businesses.
Even though this usage of geo data is not tracking, I know of companies
that ensure a minimum pool size for zip+4 data. In other words, they
won't target to zip+4 pool of under, for example, 1000 households. This
seems like a nice practice for privacy, but it's also economic, as it's
just not worth it to try to target small pools of users. But, again,
it's not tracking, so shouldn't be part of this standard.
On 2/3/12 6:34 PM, Tom Lowenthal wrote:
> ACTION-65 ISSUE-39
>
> Proposed text. Compare with text currently in
> [S-4.1.2](http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#third-party-compliance)
>
> ~~~~
> ### Compliance by a third party {#third-party-compliance}
>
> If the operator of a third-party domain receives a communication to
> which a [DNT-ON] header is attached:
>
> 1. that operator MUST NOT collect or use information related to that
> communication outside of the explicitly expressed exceptions as defined
> within this standard;
> 2. that operator MUST NOT use information about previous communications
> in which the operator was a third party, outside of the explicitly
> expressed exceptions as defined within this standard;
> 3. that operator [MUST NOT or SHOULD NOT] retain information about
> previous communications in which the operator was a third party, outside
> of the explicitly expressed exceptions as defined within this standard.
>
> #### Non-Normative Discussion
>
> It is acceptable to use data sent as part of this particular network
> interaction when composing a response to a [DNT-ON] request, but it is
> not acceptable to store that data any longer than needed to reply. For
> instance, it would be appropriate to use an IP address to guess which
> country a user is in, to avoid showing them an advertisement for
> products or services unavailable where they live.
>
> When using request-specific information to compose a reply, some levels
> of detail may feel invasive to users, and may violate their expectations
> about Do Not Track. These sorts of detailed assessments should be avoided.
>
> *Reasonable behavior*: A user visits you from an IP address which a
> general geo-IP database suggests is in the NYC area, where it is 6pm on
> a Friday. You choose to show an advertisement for theaters and
> restaurants in the area.
>
> *Invasive behavior*: A user visits you from an IP address which suggests
> that they are in a particular ZIP+4, which has a distinctive demographic
> profile. Their user-agent indicates that they are a Mac user, further
> narrowing their expected profile. You serve them an ad for business
> within a few blocks of them which specializes in items which their
> expected profile indicates they may enjoy.
>
> In this example, even though the decision about which ad to serve was
> based exclusively on request specific information, but was still
> tailored to a highly-specific user profile. In particular, the
> estimation of a user's location to within a single ZIP+4 may make a user
> feel that they are being followed closely, even if the decision was made
> on the fly, and the information was only held ephemerally.
>
> ~~~
>